In response to recent hacking shenanigans, including Sony, Microsoft and a myriad of other large breaches, President Obama and PM David Cameron have agreed to stage attacks against each other. I ask Mark James what he thinks of the proposed “war games”.
Following Obama’s speech about the attacks on Sony and proposing longer prison sentences for hacking and David Cameron saying some silly things about encryption, the two have met to talk cyber-attacks.
According to the BBC’s report the first “war game” will involve the “Bank of England and commercial banks, targeting the City of London and Wall Street.”
Talks about encryption were also on the cards: specifically about viewing encrypted messages moving through Facebook and Google.
Will it work?
I asked Mark James, ESET security specialist, his thoughts on the “cyber war games”.
“It’s a great idea, but will it work? I very much doubt it.
“Who is going to be doing this staged attack? Bear in mind the people that cause the problems we are trying to protect against are not going to be the people testing it.”
For years companies have paid hackers to fix holes in their systems but Mark asks whether this is too much “like asking your next door neighbour if he thinks your house is secure.”
How far is your neighbour going to go? He might jiggle the handle a bit and check for open windows (no pun intended) but he’s unlikely to kick a door in.
“The thought process works, it’s no different than a large company doing Network penetration testing,” explains Mark.
“It is designed to help protect and find the large holes but it won’t guarantee you’re safe from hackers: the type of people doing the hacking will find new and advanced ways to get in each and every time.”
Mark adds that “we have not even started to discuss the biggest threat... the users themselves.”
The bad guys
I also asked Mark about the proposed access to encrypted communication that Cameron mentioned in a recent statement.
“Encryption will always have a place and will always be available. Encryption that anyone can access is not encryption anymore; it’s just another language that anyone can learn.”
Mark concludes that “the bad guys will always find a way to communicate securely no matter how hard we try and large corporations will always want the means to protect their secrets.”
When it comes to encryption “there will always be a country somewhere that supports full encryption for all, the bad guys will just sit their servers there.”
If you want to stay up to date with the blog then join our LinkedIn Group.
Your thoughts on the “cyber war games”? And proposed access to encryption?